10-08-2015 04:01 AM
Hello everyone,
I recently deployed SFR module on ASA 5512-X and I am facing the following issue : One website that is used on a daily basis is blocked since we deployed FirePower services. Actually, it's been categorized as "Malware Site" with a bad reputation "High Risk".
I added this URL to a white list so it can be reached but the customer asks to gather some information on why it's been categorized like this. My question is : is there a Sourcefire or Cisco tool where we can see the history of a particular domain or IP address ?
I checked on senderbase.org but there is no information like this and I know Sourcefire doesn't use SenderBase anyway.
My guess is maybe this website has been hacked in the past and is delivering malware since.
Thanks in advance,
Vincent
Solved! Go to Solution.
10-08-2015 06:49 AM
I think Sourcefire uses brightcloud as a web reputation. Check how categorized is website you are accessing.
http://www.brightcloud.com/tools/change-request-url-ip.php
10-08-2015 06:49 AM
I think Sourcefire uses brightcloud as a web reputation. Check how categorized is website you are accessing.
http://www.brightcloud.com/tools/change-request-url-ip.php
10-08-2015 06:54 AM
Exactly what I was looking for ! Thanks !
Do you know if FirePower will use Cisco Security Intelligence in the future instead of Brightcloud ?
10-08-2015 07:17 AM
I don´t know any about SourceFire roadmaps. Sorry.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: